Trojan Dropper: A file that contains at least one additional, malicious file. For a file to be a Trojan Dropper and not solely a “dropper” its payload must be comprised of multiple, unrelated spies (multiple, unrelated spies indicate that this is a custom, affiliate installer). A Trojan Dropper may be an executable that contains multiple files. When the Trojan Dropper executes, the files inside the .exe are installed. A Trojan Dropper may also be a .chm (Windows Help File). Since a .chm is really a Windows proprietary compressor, it may contain multiple, malicious bundles inside the .chm, which the Trojan Dropper installs when the user exec Trojan Downloader: After installation, the Trojan contacts a remote host/site and installs packages or affiliates from the remote host. These installs usually occur without the user’s knowledge. Additionally, a Trojan Downloader’s payload may differ from installation to installation since it obtains downloading instructions from the remote host/site.utes the .chm file.
Trojan Backdoor: After a Trojan Backdoor installs itself, it contacts or listens to a remote site/computer. A Trojan Backdoor may receive instructions or may pass information to a remote/computer. Generally, it opens a port, allowing the machine on which the Trojan Backdoor is running to be further compromised.
Trojan Bot: A Trojan bot is a compromised system that can be controlled (via hard-wired instructions or remotely) as one of many bots that can perform activities such as:
- Participating in DDoS attacks
- Sending spam
- Transferring sensitive information on command
Trojan Relayer: A Trojan Relayer is an application that’s primary function is to relay spam messages from the infected computer.
Trojan Relayer: A Trojan Relayer is an application that’s primary function is to relay spam messages from the infected computer.
Below are some of the known trojan variants: